The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Microsoft SharePoint Team Services

vulnerability CVE-2016-7193

Microsoft Office: memory corruption via RTF

Synthesis of the vulnerability

An attacker can generate a memory corruption in Microsoft Office via an RTF document, in order to trigger a denial of service, and possibly to run code.
Impacted products: Office, Access, Microsoft OCS, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 12/10/2016.
Identifiers: 3194063, CERTFR-2016-AVI-339, CVE-2016-7193, MS16-121, VIGILANCE-VUL-20830.

Description of the vulnerability

The Microsoft Office product can open documents in RTF format.

However, a malicious document can corrupt the memory of Microsoft Office.

An attacker can therefore generate a memory corruption in Microsoft Office via an RTF document, in order to trigger a denial of service, and possibly to run code.

vulnerability announce CVE-2016-0137 CVE-2016-0141 CVE-2016-3357

Microsoft Office: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 13.
Creation date: 13/09/2016.
Revision date: 21/09/2016.
Identifiers: 3185852, CERTFR-2016-AVI-309, CVE-2016-0137, CVE-2016-0141, CVE-2016-3357, CVE-2016-3358, CVE-2016-3359, CVE-2016-3360, CVE-2016-3361, CVE-2016-3362, CVE-2016-3363, CVE-2016-3364, CVE-2016-3365, CVE-2016-3366, CVE-2016-3381, MS16-107, VIGILANCE-VUL-20592, ZDI-16-508.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can bypass security features via Click-to-Run, in order to obtain sensitive information. [severity:1/4; CVE-2016-0137]

An attacker can bypass security features via Visual Basic Macros, in order to obtain sensitive information. [severity:2/4; CVE-2016-0141]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3357]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3358]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3359]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3360]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3361]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3362]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3363]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3364]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3365, ZDI-16-508]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3381]

An attacker can alter displayed information, in order to deceive the victim. [severity:2/4; CVE-2016-3366]

vulnerability note CVE-2016-3278 CVE-2016-3279 CVE-2016-3280

Microsoft Office: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 12/07/2016.
Identifiers: 3170008, CERTFR-2016-AVI-231, CVE-2016-3278, CVE-2016-3279, CVE-2016-3280, CVE-2016-3281, CVE-2016-3282, CVE-2016-3283, CVE-2016-3284, MS16-088, VIGILANCE-VUL-20084.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3278]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3280]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3281]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3282]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3283]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3284]

An attacker can use a vulnerability via an XLA file, in order to run code. [severity:3/4; CVE-2016-3279]

computer vulnerability announce CVE-2016-0025 CVE-2016-3233 CVE-2016-3234

Microsoft Office, SharePoint: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Impacted products: Office, Excel, PowerPoint, MOSS, Visio, Word.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 15/06/2016.
Identifiers: 3163610, CERTFR-2016-AVI-205, CVE-2016-0025, CVE-2016-3233, CVE-2016-3234, CVE-2016-3235, MS16-070, VIGILANCE-VUL-19897.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0025]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3233]

An attacker can read a memory fragment, in order to obtain sensitive information. [severity:3/4; CVE-2016-3234]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-3235]

computer vulnerability bulletin CVE-2016-0126 CVE-2016-0140 CVE-2016-0183

Microsoft Office, SharePoint: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Impacted products: Office, Access, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 10/05/2016.
Identifiers: 3155544, CVE-2016-0126, CVE-2016-0140, CVE-2016-0183, CVE-2016-0198, MS16-054, VIGILANCE-VUL-19578.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption in Microsoft Office, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0126]

An attacker can generate a memory corruption in Microsoft Office, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0140]

An attacker can use a vulnerability in Microsoft Office Graphics, in order to run code. [severity:3/4; CVE-2016-0183]

An attacker can generate a memory corruption in Microsoft Office, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0198]

computer vulnerability announce CVE-2016-0021 CVE-2016-0057 CVE-2016-0134

Microsoft Office: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Impacted products: Office, InfoPath, MOSS, Word.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 08/03/2016.
Identifiers: 3141806, CERTFR-2016-AVI-090, CVE-2016-0021, CVE-2016-0057, CVE-2016-0134, MS16-029, VIGILANCE-VUL-19127.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can invite the victim to open a malicious Office document, to generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0021]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-0057]

An attacker can invite the victim to open a malicious Office document, to generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0134]

computer vulnerability CVE-2016-0022 CVE-2016-0039 CVE-2016-0052

Microsoft Office, SharePoint: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office and SharePoint.
Impacted products: Office, Access, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word.
Severity: 3/4.
Consequences: user access/rights, client access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 09/02/2016.
Identifiers: 3134226, CERTFR-2016-AVI-057, CVE-2016-0022, CVE-2016-0039, CVE-2016-0052, CVE-2016-0053, CVE-2016-0054, CVE-2016-0055, CVE-2016-0056, MS16-015, VIGILANCE-VUL-18905.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office and SharePoint.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0022]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0052]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0053]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0054]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0055]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0056]

An attacker can trigger a Cross Site Scripting in Microsoft SharePoint, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-0039]

vulnerability CVE-2015-6117 CVE-2016-0010 CVE-2016-0011

Microsoft Office, SharePoint, Visual Basic: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office and SharePoint.
Impacted products: Office, Excel, PowerPoint, MOSS, Visio, Word, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 12/01/2016.
Identifiers: 3124585, CERTFR-2016-AVI-013, CVE-2015-6117, CVE-2016-0010, CVE-2016-0011, CVE-2016-0012, CVE-2016-0035, MS16-004, VIGILANCE-VUL-18700.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office, SharePoint, and Visual Basic.

An attacker can generate a memory corruption in Microsoft Office, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0010]

An attacker can guess the memory layout of a process of Microsoft Office and Microsoft Visual Basic 6.0 Runtime, to bypass ASLR, in order to ease the next step of an attack. [severity:1/4; CVE-2016-0012]

An attacker can generate a memory corruption in Microsoft Office, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0035]

An attacker can bypass security features in Access Control Policy of Microsoft SharePoint, in order to escalate his privileges. [severity:3/4; CVE-2016-0011]

An attacker can bypass security features in Access Control Policy of Microsoft SharePoint, in order to escalate his privileges. [severity:3/4; CVE-2015-6117]

vulnerability note 18524

Excel: use after free via XLSB

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious XLSB file, to force the usage of a freed memory area in Excel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Lync, Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word, Skype for Business.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 15/12/2015.
Identifiers: 3104540, MS15-116, VIGILANCE-VUL-18524, ZDI-15-639.

Description of the vulnerability

The Excel product supports binary files with the ".xlsb" extension.

However, if the file is malformed, Excel frees a memory area before reusing it.

An attacker can therefore invite the victim to open a malicious XLSB file, to force the usage of a freed memory area in Excel, in order to trigger a denial of service, and possibly to run code.

vulnerability alert CVE-2015-2503 CVE-2015-6038 CVE-2015-6091

Microsoft Office, Lync: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Office.
Impacted products: Lync, Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word, Skype for Business.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 10/11/2015.
Identifiers: 3104540, CERTFR-2015-AVI-473, CVE-2015-2503, CVE-2015-6038, CVE-2015-6091, CVE-2015-6092, CVE-2015-6093, CVE-2015-6094, CVE-2015-6123, MS15-116, VIGILANCE-VUL-18281, ZDI-15-539, ZDI-15-543, ZDI-15-546.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6038, ZDI-15-543]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6091]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6092]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6093, ZDI-15-539]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-6094, ZDI-15-546]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2015-2503]

An attacker can deceive the user, in order to redirect him to a malicious site. [severity:1/4; CVE-2015-6123]